Thanks for your reply Ben! Sorry for being unclear, the goal would be to just not send the SCSV value in the ClientHello.
-Mark

On Tue, Apr 21, 2020 at 22:06, Benjamin Kaduk <bka...@akamai.com> wrote:

> On Tue, Apr 21, 2020 at 09:57:02PM +0200, Mark Windshield wrote:
> > Hello,
> >
> > I was wondering what I'd have to change in the openssl code/config before
> > compiling to have renegotiation disabled by default, so it won't send the
> > Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) when using curl.
>
> This description does not really make it clear whether you just want to prevent
> renegotiation or specifically need this SCSV value to not be included in the
> ClientHello -- the semantics of TLS_EMPTY_RENEGOTIATION_INFO_SCSV is "if
> renegotiation occurs, the client supports the 'secure' variant", but is
> otherwise orthogonal to whether renegotiation itself actually occurs.
>
> -Ben
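
To check from a capture whether a ClientHello actually carries the SCSV discussed above, the following is an added example and not part of the thread or of OpenSSL. It goes slightly beyond the thread by also reporting the `renegotiation_info` extension, the other way RFC 5746 lets a client signal the same support. The function names are hypothetical and the sample ClientHello messages are constructed.

```python
import struct
SCSV = 0x00FF                    # TLS_EMPTY_RENEGOTIATION_INFO_SCSV, as named in the thread
EXT_RENEGOTIATION_INFO = 0xFF01  # renegotiation_info extension type (RFC 5746)

def parse_client_hello(record: bytes) -> dict:
    """Extract cipher suites and extension types from one TLS record holding a ClientHello."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a handshake record carrying a ClientHello")
        rec_len = struct.unpack("!H", record[3:5])[0]
        body = record[5:5 + rec_len]
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        pos = 2 + 32                      # skip client_version and random
        pos += 1 + hello[pos]             # skip session_id
        cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        suites = [struct.unpack("!H", hello[i:i + 2])[0]
                  for i in range(pos, pos + cs_len, 2)]
        pos += cs_len
        pos += 1 + hello[pos]             # skip compression_methods
        extensions = []
        if pos < len(hello):              # the extensions block is optional
            end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
            pos += 2
            while pos + 4 <= min(end, len(hello)):
                ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
                extensions.append(ext_type)
                pos += 4 + ext_len
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    return {"suites": suites, "extensions": extensions}

def renegotiation_signalling(record: bytes) -> dict:
    """Report which of the two RFC 5746 signals the ClientHello carries."""
    hello = parse_client_hello(record)
    return {"scsv": SCSV in hello["suites"],
            "renegotiation_info_ext": EXT_RENEGOTIATION_INFO in hello["extensions"]}

def build_sample(suites, extensions=b"") -> bytes:
    """Constructed ClientHello (zero random, empty session_id) used as demo input."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    hello += struct.pack("!H", len(extensions)) + extensions if extensions else b""
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    print(renegotiation_signalling(build_sample([0xC02F, 0x009C, SCSV])))
    print(renegotiation_signalling(build_sample([0xC02F], bytes.fromhex("ff01000100"))))
```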